Your message dated Tue, 02 Oct 2012 22:17:28 +0000
with message-id <e1tjamo-0001ye...@franck.debian.org>
and subject line Bug#688912: fixed in emdebian-crush 2.2.19
has caused the Debian Bug report #688912,
regarding xapt can overwrite /bin/tar with foreign arch binary if MultiArch is
enabled for the target architecture
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
688912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688912
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xapt
Version: 2.2.18
Severity: critical
File: /usr/sbin/embuilddeps
Justification: breaks the whole system
Just experienced a situation where embuilddeps managed to replace
/bin/tar with an armel binary on an amd64 machine, due to MultiArch
being enabled on that system to support armel.
Other files also got replaced:
/bin/tempfile
/usr/bin/locale
/sbin/ldconfig
This results in a system which cannot unpack .deb files and therefore
needs a handy chroot nearby from which the actual /bin/ executables can
be copied... or a reinstall.
The problem is two fold:
The MultiArch support in embuilddeps and xapt is not enabled by default
- this was a mistake in the early development of the transitional
support between old-world dpkg-cross paths and new-world MultiArch
paths. The exact version of dpkg which would enable this support was
not clear at the time that the support in xapt was implemented.
The final stage of the xapt installation of packages converted by
dpkg-cross is not sufficiently careful and can force dpkg to install
packages which have not been converted.
I initially had this problem on my development machine which is running
current SVN but I have since reproduced this problem in a Wheezy VM
using the xapt package from Wheezy.
In that case, I stopped the process part way through but dpkg had
already replaced:
debianutils
dpkg
bsdutils
debconf
debhelper
dpkg-dev
file
libc-bin
Although the affected version has been backported to Squeeze, Squeeze
is not affected because the version of dpkg in Squeeze doesn't allow a
foreign architecture to be specified and the version of dpkg-cross in
Squeeze does not support converting MultiArch packages to dpkg-cross
paths.
The fix will be to force the existing MultiArch support to be enabled
when the architecture requested matches a supported dpkg foreign
architecture and to tighten the restrictions on the list of .deb
packages to be installed to ensure that only -cross packages are
selected.
Currently, my proposed changes for the multiarch / foreign-architecture
match detection code looks a bit like:
# use dpkg --print-foreign-architectures dpkg >= 1.16.2
my $cmd = 'dpkg-query -W -f \'${Version}\' dpkg';
$installed = `$cmd 2>/dev/null`;
my $res = system ("dpkg --compare-versions $installed '>=' 1.16.2");
$res >>= 8;
if (($res == 0) and (not defined $multiarch)) {
$res = system("dpkg --print-foreign-architectures | grep $arch >
/dev/null");
$res >>= 8;
if ($res == 0) {
$cmd = 'dpkg-query -W -f \'${Version}\' dpkg-cross';
$installed = `$cmd 2>/dev/null`;
$res = system ("dpkg --compare-versions $installed '>='
$minver");
$res >>= 8;
if ($res != 0) {
die ("Unsupported combination of old dpkg-cross and new
dpkg!\n");
}
$multiarch++;
warn ("Warning: Multi-Arch support has been enabled.\n");
}
}
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: armel
i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
(ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash
Versions of packages xapt depends on:
ii apt 0.9.7.5
ii dpkg-cross 2.6.7
ii dpkg-dev 1.16.8
ii libconfig-inifiles-perl 2.75-1
ii libdpkg-perl 1.16.8
ii liblocale-gettext-perl 1.05-7+b1
ii perl 5.14.2-13
xapt recommends no packages.
xapt suggests no packages.
-- no debconf information
--
Neil Williams
=============
http://www.linux.codehelp.co.uk/
pgpMmtrYNFkVC.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: emdebian-crush
Source-Version: 2.2.19
We believe that the bug you reported is fixed in the latest version of
emdebian-crush, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 688...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Neil Williams <codeh...@debian.org> (supplier of updated emdebian-crush package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 26 Sep 2012 22:16:57 +0100
Source: emdebian-crush
Binary: emdebian-crush pdebuild-cross xapt
Architecture: source all
Version: 2.2.19
Distribution: unstable
Urgency: low
Maintainer: Neil Williams <codeh...@debian.org>
Changed-By: Neil Williams <codeh...@debian.org>
Description:
emdebian-crush - emdebian crossbuilding helpers
pdebuild-cross - cross-building support for pbuilder
xapt - retrieve, build and install libraries for cross-compiling
Closes: 688912
Changes:
emdebian-crush (2.2.19) unstable; urgency=low
.
* Check for MultiArch support in dpkg and force the multiarch
support in dpkg-cross if the requested architecture is in the
list of dpkg foreign architectures. (Closes: #688912)
* Limit installation to only packages successfully converted using
dpkg-cross.
Checksums-Sha1:
b47089e25fe698b590e7966197665c7ef15ca832 1850 emdebian-crush_2.2.19.dsc
719c993755bc76b74c6c067839e2f15b97519a62 88260 emdebian-crush_2.2.19.tar.gz
3b90025334d05f707c5262ec88956ff37bf6b889 47998 emdebian-crush_2.2.19_all.deb
90b9e00d8db069e78638f18fb1d3a9b56e654754 48690 pdebuild-cross_2.2.19_all.deb
1cde22eddbe38ea07847f5a789193559a7fd3fee 71008 xapt_2.2.19_all.deb
Checksums-Sha256:
1edcafcd27c9e3a1930616042b59b8cd3e632cbcce56dd44c3c99f27f9e939ce 1850
emdebian-crush_2.2.19.dsc
2c1119d5bf59ffb0f9d28365e9d54fb4f6e3658341b924717732df9e7c491ba6 88260
emdebian-crush_2.2.19.tar.gz
acd9f56f7c6248c1c900c949ce7cb435d47be748d560878079a86dab9e91c836 47998
emdebian-crush_2.2.19_all.deb
22a6c7f80db27740a5b57b496790655bba2ceaceb68b37d360e8e72eabba0879 48690
pdebuild-cross_2.2.19_all.deb
ecbc83838d29ade76727ab8dfad01aa45ed1bbd7394b8a0b12100b3bdff315a5 71008
xapt_2.2.19_all.deb
Files:
6949078c5103588d165806b63851d3ff 1850 utils extra emdebian-crush_2.2.19.dsc
2e32f48cd8fe133fe0b135e02a775b57 88260 utils extra emdebian-crush_2.2.19.tar.gz
6d039a10881b897134b6d86ab55b62b8 47998 utils extra
emdebian-crush_2.2.19_all.deb
02bae352e2fa11a1e9870e39257f6889 48690 devel optional
pdebuild-cross_2.2.19_all.deb
bf9ee93a67c61b25ad58d11c1dd73a65 71008 devel optional xapt_2.2.19_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQa2Q4AAoJEPFn5DyBQ7aC0jQP/1cLCm25P2I6BLdGN+HUp7so
sOT6ZDY5PHuVMHC7QHxcR0wMR1+rexbkPVO35iIo7BJVo1Nd/NbAShwbRnh/iw6t
8K6aPdfJxOjjO/ws5XnCwagS1z4/wi4BlVjyjglW/NNfXnrD5BHgQ5T2R2oqPyYe
p8FsTxB5hSLayptynT45WwPwEEXoGV56QoRBXLtw3AqvLxYiXiQESHE69MQs+rj3
9uRBS/uspf8NQNXmbEkTvm5o7Kgh8I2ZuRByjT/C+31KVoqzLrKTRhtCrvmA1vXH
okMC36cxBRpqL/toUmoiG1tOGSBTREzAZrup+WP3B5MsuGlb4uRE2mXWvtO/+vg1
/szpzetM7Mk8uEqoHmjdYt+a2aIcZrImIPzXqUjmlA2Hufh96tyaxNZ2Nw3bPw78
+xQIYiiH2Iw33cnz7dy3KZ21s2SJetLHZ82VDEtvRSwUH4oD0QyvoIP/v4ZjQcQH
ikmwiuqD4wZ2hZCdxGhxzcJjdtYQxlGXNI2p3cC92QqGkIevLYSk6uetB1q6sS38
GKVU9NEM6FVLbUBvzvPnCFmB1faqFCfw9oAWqamtzGF+dJeBY7zPh3H+cxbPiDps
2d4nwc1avcv8hb3qyYNxaJEmqvFhzTCAL+snY7GV8SVbTmfybx8Xv31tY8Cj2HmN
nMagu7QbpKRsYJDT6eQB
=D/Zn
-----END PGP SIGNATURE-----
--- End Message ---
